package com.vulnerable.controller;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.vulnerable.bean.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.lang.reflect.Field;
import java.util.Set;

/**
 * @author jackliu  Email:
 * @description:
 * @Version
 * @create 2023-10-28 16:20
 */
@Controller
public class TestController {


    @RequestMapping("/user/login")
    @ResponseBody
    public String HelloWorld(@RequestBody String data) throws NoSuchFieldException, IllegalAccessException {

//        System.out.println(user);
        //使用的场景是传入对多个对象，然后遍历
        JSONObject object = JSON.parseObject(data);
        Set<String> propertyIdSet = object.keySet();

        User user = new User();
        for (String key : propertyIdSet) {
            String value = object.getString(key);
            //登录场景应该不会这样写，我这样写是为了实验效果和练习下反射
            //通过反射把数据注入到User
            Class<? extends User> aClass = user.getClass();
            Field field = aClass.getDeclaredField(key);
            field.setAccessible(true);
            field.set(user,value);

        }
        //假装调用service层验证
        if ("username".equals(user.getUsername()) &&  "admin".equals(user.getPassword())){

            return "登录成功";
        }else {
            return "登录失败";
        }
    }
    // userAdd
    @RequestMapping("/user/add")
    public String userAdd(@RequestBody User user){
        return user.toString();
    }

    //delete
    @RequestMapping
    public String delete(@RequestBody User user){
        return user.toString();
    }


}
